ISO 27001 A.18.1.1: How to satisfy Legal, Regulatory, Contractual, and other requirements

From an information security management point of view, complying with the required laws, regulations and contractual obligations can be as much of a challenge as dealing with the ever-evolving threat landscape and new forms of attacks.  What many organizations fail to understand is that both are equally important. Mandatory requirements can come in the form Read more…

7 ways the GDPR affects your organization

If there is one thing the last couple years have made clear, it is the lack of respect towards personal data privacy. From companies with inadequate security controls leading to improper management of sensitive information to businesses making a profit by selling clients’ information and even government agencies that like to play big brother. At Read more…

Why use standard agnostic controls in your compliance program

The adoption of a corporate-wide compliance program is one of the most demanding projects you may undertake. Furthermore making the most of time-consuming tasks such as controls implementation, requires not only the experience and knowledge but also a holistic approach at the design level. Every organization is different.  Standards were created keeping in mind that Read more…

How to manage the 2016 SOC 2 Content Update

In our ever changing technological and corporate environment, it is only natural for standards and best practices to receive regular updates that try to both accommodate corrections and improvements. That is what just recently happened to the American Institute of Certified Public Accountants criteria for the Trust Services Principles (TSP) by releasing a SOC 2 Content Read more…

Six features to consider when evaluating GRC platforms

Governance, Risk, and Compliance (GRC) is increasingly becoming a more integral part of most businesses, especially with mandates of risk analysis and information security integration within all aspects of business processes. Most organizations have regulatory, contractual or legal requirements obligations, and complying with these may seem like a daunting task to manage, and it can Read more…